Merge branch 'main' into feature/helidon

Author: SentryMan

.fossa.yml

@@ -100,6 +100,9 @@ targets:
     - type: gradle
       path: ./
       target: ':instrumentation:external-annotations:javaagent'
+    - type: gradle
+      path: ./
+      target: ':instrumentation:failsafe-3.0:library'
     - type: gradle
       path: ./
       target: ':instrumentation:finagle-http-23.11:javaagent'

.github/scripts/dependencies.dockerfile

@@ -1,3 +1,3 @@
 # this file exists so that Renovate can auto-update docker image versions that are then used elsewhere
 
-FROM lycheeverse/lychee:sha-2aa22f8@sha256:2e3786630482c41f9f2dd081e06d7da1c36d66996e8cf6573409b8bc418d48c4 AS lychee
+FROM lycheeverse/lychee:sha-8222559@sha256:6f49010cc46543af3b765f19d5319c0cdd4e8415d7596e1b401d5b4cec29c799 AS lychee

.github/workflows/build-common.yml

@@ -289,7 +289,7 @@ jobs:
 
       # vaadin tests use pnpm
       - name: Cache pnpm modules
-        uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
           path: ~/.pnpm-store
           key: ${{ runner.os }}-test-cache-pnpm-modules

.github/workflows/codeql.yml

@@ -63,7 +63,7 @@ jobs:
           cache-read-only: ${{ github.event_name == 'pull_request' }}
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
+        uses: github/codeql-action/init@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
         with:
           languages: ${{ matrix.language }}
           # using "linked" helps to keep up with the linked Kotlin support
@@ -84,6 +84,6 @@ jobs:
           --no-build-cache --no-daemon
 
       - name: Perform CodeQL analysis
-        uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
+        uses: github/codeql-action/analyze@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/dependency-review.yml

@@ -19,4 +19,4 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@595b5aeba73380359d98a5e087f648dbb0edce1b # v4.7.3
+        uses: actions/dependency-review-action@56339e523c0409420f6c2c9a2f4292bbb3c07dd3 # v4.8.0

.github/workflows/documentation-disable-list-audit.yml

@@ -0,0 +1,56 @@
+name: Documentation Synchronization Audit (opentelemetry.io)
+
+on:
+  schedule:
+    - cron: "30 1 * * 1" # every Monday at 1:30 UTC
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  crawl:
+    runs-on: ubuntu-latest
+    outputs:
+      audit-output: ${{ steps.audit.outputs.AUDIT_OUTPUT }}
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+
+      - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+        with:
+          distribution: temurin
+          java-version: 17
+
+      - name: Set up gradle
+        uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
+
+      - name: Run instrumentation analyzer (identify any module changes)
+        run: ./gradlew :instrumentation-docs:runAnalysis
+
+      - name: Run doc site audit
+        id: audit
+        run: |
+          if ! output=$(./gradlew :instrumentation-docs:docSiteAudit 2>&1); then
+            echo "AUDIT_FAILED=true" >> $GITHUB_OUTPUT
+            echo "AUDIT_OUTPUT<<EOF" >> $GITHUB_OUTPUT
+            # Extract only the content between our custom markers
+            echo "$output" | sed -n '/=== AUDIT_FAILURE_START ===/,/=== AUDIT_FAILURE_END ===/p' | \
+              sed '/=== AUDIT_FAILURE_START ===/d' | \
+              sed '/=== AUDIT_FAILURE_END ===/d' >> $GITHUB_OUTPUT
+            echo "EOF" >> $GITHUB_OUTPUT
+            exit 1
+          else
+            echo "AUDIT_FAILED=false" >> $GITHUB_OUTPUT
+          fi
+
+  workflow-notification:
+    permissions:
+      contents: read
+      issues: write
+    needs:
+      - crawl
+    if: always()
+    uses: ./.github/workflows/reusable-workflow-notification.yml
+    with:
+      success: ${{ needs.crawl.result == 'success' }}
+      failure-details: ${{ needs.crawl.outputs.audit-output }}

.github/workflows/documentation-synchronization-audit.yml

@@ -42,6 +42,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
+        uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
         with:
           sarif_file: results.sarif

.github/workflows/ossf-scorecard.yml

@@ -28,9 +28,18 @@ jobs:
         run: |
           rsync -avv gh-pages/benchmark-overhead/results/ benchmark-overhead/results/
 
+      - name: Set up JDK for running Gradle
+        uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165 # v5.0.0
+        with:
+          distribution: temurin
+          java-version-file: .java-version
+
       - name: Setup Gradle
         uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
 
+      - name: Build Latest Snapshot JAR
+        run: ./gradlew assemble -x javadoc
+
       - name: Run tests
         working-directory: benchmark-overhead
         run: ./gradlew test
@@ -42,17 +51,15 @@ jobs:
       - name: Copy results back to gh-pages branch
         run: rsync -avv benchmark-overhead/results/ gh-pages/benchmark-overhead/results/ && rm -rf benchmark-overhead/results
 
+      - name: Use CLA approved bot
+        run: .github/scripts/use-cla-approved-bot.sh
+
       - name: Commit updated results
-        uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
-        with:
-          add: "benchmark-overhead/results"
-          cwd: "./gh-pages"
-          branch: "gh-pages"
-          message: "update test result data"
-          author_name: otelbot
-          author_email: [email protected]
-          committer_name: otelbot
-          committer_email: [email protected]
+        working-directory: ./gh-pages
+        run: |
+          git add benchmark-overhead/results
+          git commit -m "update test result data"
+          git push
 
   workflow-notification:
     permissions:

.github/workflows/overhead-benchmark-daily.yml

@@ -67,9 +67,9 @@ jobs:
           java-version-file: .java-version
 
       - name: Login to GitHub package registry
-        uses: azure/docker-login@15c4aadf093404726ab2ff205b2cdd33fa6d054c # v2
+        uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0
         with:
-          login-server: ghcr.io
+          registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}